Subject: Re: "racoon" installation
To: None <tech-security@netbsd.org>
From: Bernd Ernesti <netbsd@arresum.inka.de>
List: tech-security
Date: 03/03/2000 09:44:28
Message-Id: <200003030844.JAA03157@arresum.inka.de>
Date: Fri, 3 Mar 2000 09:44:28 +0100 (MET)
In-Reply-To: <21139.952053507@lychee.itojun.org> from "Jun-ichiro itojun Hagino" at Mar 03, 2000 12:18:27 PM

On Fri Mar  3 04:18:27 2000, Jun-ichiro itojun Hagino wrote:
> 
> 	Hello.
> 
> 	KAME racoon (IKE daemon) is trying to improve certificate support.
> 	Use of RSA is very popular for X.509 certificates.  Therefore, with
> 	plain installation of NetBSD-current with crypto-{us,intl}, racoon
> 	cannot support certificates.  It would be a bit pity situation.

That can be fixed when you use PATENTEDOPENSSLSRC in /etc/mk.conf.
If that's not enough, then we have to provide more support to fix the problem.

> 	I think of providing racoon as pkgsrc (pkgsrc/security/racoon),
> 	instead of in base system (remove racoon from base system installation

NO, please don't do that.

Bernd